Description
Fibaro Home Center 2 and Lite devices, in all versions, provide a web-based management interface over the unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords.
References
- Exploit, Third Party Advisory, VDB Entry
- Mailing List, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
- Mailing List, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
Simultaneously
cpe:2.3:o:fibaro:home_center_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fibaro:home_center_2:-:*:*:*:*:*:*:*
Configuration 2
Simultaneously
cpe:2.3:o:fibaro:home_center_lite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fibaro:home_center_lite:-:*:*:*:*:*:*:*
EPSS
Percentile: 79%
0.01202
Low
8.1 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-319
CWE-319
Related vulnerabilities
github
more than 3 years ago
Fibaro Home Center 2 and Lite devices, in all versions, provide a web-based management interface over the unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords.